kallithea Changeset - b59568e929ef

Changeset - b59568e929ef

Parent rev.

Child rev.

[Not reviewed]

default

0 1 0

Marcin Kuzminski - 12 years ago 2013-07-22 16:01:07
marcin@python-works.com

fixed password refill in login form when wrong password was given

It's better to not refill the passwords on wrong credentials given.
Standard behaviour on all pages are making the password blank

1 file changed with 3 insertions and 0 deletions:

rhodecode/controllers/login.py

0 comments (0 inline, 0 general)

rhodecode/controllers/login.py

➞

Show inline comments

@@ @@ -70,96 +70,99 @@ class LoginController(BaseController): @@
                 username = c.form_result['username']
                 user = User.get_by_username(username, case_insensitive=True)
                 auth_user = AuthUser(user.user_id)
                 auth_user.set_authenticated()
                 cs = auth_user.get_cookie_store()
                 session['rhodecode_user'] = cs
                 user.update_lastlogin()
                 Session().commit()
                 # If they want to be remembered, update the cookie
                 if c.form_result['remember']:
                     _year = (datetime.datetime.now() +
                              datetime.timedelta(seconds=60 * 60 * 24 * 365))
                     session._set_cookie_expires(_year)
                 session.save()
                 log.info('user %s is now authenticated and stored in '
                          'session, session attrs %s' % (username, cs))
                 # dumps session attrs back to cookie
                 session._update_cookie_out()
                 # we set new cookie
                 headers = None
                 if session.request['set_cookie']:
                     # send set-cookie headers back to response to update cookie
                     headers = [('Set-Cookie', session.request['cookie_out'])]
                 allowed_schemes = ['http', 'https']
                 if c.came_from:
                     parsed = urlparse.urlparse(c.came_from)
                     server_parsed = urlparse.urlparse(url.current())
                     if parsed.scheme and parsed.scheme not in allowed_schemes:
                         log.error(
                             'Suspicious URL scheme detected %s for url %s' %
                             (parsed.scheme, parsed))
                         c.came_from = url('home')
                     elif server_parsed.netloc != parsed.netloc:
                         log.error('Suspicious NETLOC detected %s for url %s'
                                   'server url is: %s' %
                                   (parsed.netloc, parsed, server_parsed))
                         c.came_from = url('home')
                     raise HTTPFound(location=c.came_from, headers=headers)
                 else:
                     raise HTTPFound(location=url('home'), headers=headers)
             except formencode.Invalid, errors:
                 defaults = errors.value
                 # remove password from filling in form again
                 del defaults['password']
                 return htmlfill.render(
                     render('/login.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8")
             except UserCreationError, e:
                 # container auth or other auth functions that create users on
                 # the fly can throw this exception signaling that there's issue
                 # with user creation, explanation should be provided in
                 # Exception itself
                 h.flash(e, 'error')
         return render('/login.html')
     @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',
                                'hg.register.manual_activate')
     def register(self):
         c.auto_active = 'hg.register.auto_activate' in User.get_default_user()\
             .AuthUser.permissions['global']
         if request.POST:
             register_form = RegisterForm()()
             try:
                 form_result = register_form.to_python(dict(request.POST))
                 form_result['active'] = c.auto_active
                 UserModel().create_registration(form_result)
                 h.flash(_('You have successfully registered into RhodeCode'),
                             category='success')
                 Session().commit()
                 return redirect(url('login_home'))
             except formencode.Invalid, errors:
                 return htmlfill.render(
                     render('/register.html'),
                     defaults=errors.value,
                     errors=errors.error_dict or {},
                     prefix_error=False,
                     encoding="UTF-8")
             except UserCreationError, e:
                 # container auth or other auth functions that create users on
                 # the fly can throw this exception signaling that there's issue
                 # with user creation, explanation should be provided in
                 # Exception itself
                 h.flash(e, 'error')
         return render('/register.html')

0 comments (0 inline, 0 general)